Skip to content

Add workflow for OpenSSF Scorecard #7074

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 21, 2025
Merged

Add workflow for OpenSSF Scorecard #7074

merged 1 commit into from
Feb 21, 2025

Conversation

mhucka
Copy link
Contributor

@mhucka mhucka commented Feb 21, 2025

Scorecard (https://github.com/ossf/scorecard) is an automated tool that assesses a number of checks associated with software security and assigns each check a score of 0-10. Once installed, it will create a report at https://scorecard.dev/viewer/?uri=github.com/quantumlib/Cirq

The use of Scorecard is suggested in Google's internal GitHub guidance (go/github-docs).

An example of a Scorecard report for OpenFermion can be seen here: https://scorecard.dev/viewer/?uri=github.com/quantumlib/OpenFermion

@mhucka
Add workflow for OpenSSF Scorecard
3891f2d 
Scorecard (https://github.com/ossf/scorecard) is an automated tool
that assesses a number of important checks associated with software
security and assigns each check a score of 0-10. It creates a report
at https://scorecard.dev/viewer/?uri=github.com/tensorflow/quantum
@CirqBot CirqBot added the size: M 50< lines changed <250 label Feb 21, 2025
@codecov Codecov
Copy link

codecov bot commented Feb 21, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.18%. Comparing base (ca6ceb3) to head (3891f2d).
Report is 1 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #7074      +/-   ##
==========================================
- Coverage   98.18%   98.18%   -0.01%     
==========================================
  Files        1089     1089              
  Lines       95237    95237              
==========================================
- Hits        93508    93507       -1     
- Misses       1729     1730       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@mhucka mhucka marked this pull request as ready for review February 21, 2025 05:25
@mhucka mhucka requested review from vtomole and a team as code owners February 21, 2025 05:25
@mhucka mhucka requested a review from maffoo February 21, 2025 05:25
@mhucka mhucka enabled auto-merge February 21, 2025 05:25
@mhucka mhucka requested review from pavoljuhas and removed request for maffoo February 21, 2025 05:25
pavoljuhas
pavoljuhas approved these changes Feb 21, 2025
View reviewed changes
Copy link
Collaborator

@pavoljuhas pavoljuhas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@mhucka mhucka added this pull request to the merge queue Feb 21, 2025
Merged via the queue into quantumlib:main with commit a2bf6e8 Feb 21, 2025
38 checks passed
@mhucka mhucka deleted the mh-add-scorecard-workflow branch February 21, 2025 21:47
BichengYing pushed a commit to BichengYing/Cirq that referenced this pull request Jun 20, 2025
@mhucka @BichengYing
Add workflow for OpenSSF Scorecard (quantumlib#7074)
b46ecca 
Scorecard (https://github.com/ossf/scorecard) is an automated tool
that assesses a number of important checks associated with software
security and assigns each check a score of 0-10. It creates a report
at https://scorecard.dev/viewer/?uri=github.com/tensorflow/quantum
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pavoljuhas pavoljuhas pavoljuhas approved these changes

@vtomole vtomole Awaiting requested review from vtomole vtomole is a code owner

Assignees
No one assigned
Labels
size: M 50< lines changed <250
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mhucka @pavoljuhas @CirqBot